As reported by Schneier on Security, researchers including Bruce Schneier, Oleg Brodt, Elad Feldman and Ben Nassi have proposed a new framework, "promptware," to categorize AI-enabled attacks as a distinct class of malware execution mechanisms, moving beyond the limited scope of prompt injection.

The promptware kill chain outlines seven stages of attack, beginning with Initial Access, where malicious instructions enter the AI system either directly or indirectly through retrieved content like emails or web pages. This is followed by Privilege Escalation, where attackers bypass safety guardrails, and Reconnaissance, where the LLM is manipulated to reveal system information. Persistence aims to embed the promptware into the AI's long-term memory or databases. Command-and-Control (C2) enables dynamic modification of the malware's behavior, while Lateral Movement allows the attack to spread to other users or systems. The chain concludes with Actions on Objective, which can include data exfiltration, financial fraud, or even physical world impact.

The promptware kill chain framework highlights that prompt injection is merely the initial access point in a multistage operation. Effective defense requires a strategy that assumes initial access will occur and focuses on disrupting subsequent stages of the kill chain, rather than solely attempting to patch the initial vulnerability, the researchers say.

Source: Schneier on Security




